hsrp [group]
Configures HSRP (Hot Standby Router Protocol) parameters on an interface for gateway redundancy.
Overview
The 'hsrp' command configures Hot Standby Router Protocol (HSRP) on Cisco NX-OS interfaces, providing first-hop redundancy for end devices. HSRP allows two or more routers to share a virtual IP and MAC address, with one router acting as the active forwarder and another as standby. If the active router fails, the standby takes over transparently. This command is used in interface configuration mode and supports multiple groups per interface. On Nexus switches, HSRP is commonly deployed on SVI (Switch Virtual Interfaces) for VLAN gateway redundancy. Key parameters include group number, virtual IP, priority (1-255), preemption, timers, authentication, and object tracking. HSRP version 2 is recommended for scalability and IPv6 support. Troubleshooting involves verifying state consistency, timer values, and tracking objects. The command integrates with other Nexus features like VPC and FabricPath for enhanced resiliency.
hsrp [group-number] {ip [ip-address [secondary]] | preempt [delay [minimum] [reload] [sync]] | priority priority-value | authentication {text string | md5 key-string [key-id] [timeout seconds]} | timers [msec] hellotime [msec] holdtime | track object-number [decrement-value] | version {1 | 2} | mac-address mac-address | name group-name | use-bia | shutdown}When to Use This Command
- Provide first-hop redundancy for hosts in a VLAN by configuring an HSRP virtual IP address.
- Ensure fast failover by tuning HSRP timers for sub-second convergence.
- Control which router becomes active using priority and preemption settings.
- Track interface or object states to dynamically adjust HSRP priority.
Parameters
| Parameter | Syntax | Description |
|---|---|---|
| group-number | 0-4095 (version 2) or 0-255 (version 1) | HSRP group identifier. If omitted, defaults to 0. Version 2 allows up to 4095 groups. |
| ip | ip [ip-address [secondary]] | Configures the virtual IP address for the HSRP group. The 'secondary' keyword allows multiple virtual IPs per group. |
| priority | priority priority-value | Sets the priority for the router in the group (1-255). Higher priority increases chance of becoming active. Default is 100. |
| preempt | preempt [delay [minimum] [reload] [sync]] | Enables preemption, allowing a router with higher priority to become active. Optional delay timers control when preemption occurs. |
| track | track object-number [decrement-value] | Tracks an object (e.g., interface line-protocol) and decrements HSRP priority by the specified value (default 10) when the object goes down. |
| authentication | authentication {text string | md5 key-string [key-id] [timeout seconds]} | Configures authentication for HSRP messages to prevent spoofing. Text or MD5 authentication is supported. |
| timers | timers [msec] hellotime [msec] holdtime | Sets hello and hold timers. Defaults are 3 seconds hello, 10 seconds hold. Use 'msec' for sub-second timers. |
| version | version {1 | 2} | Selects HSRP version. Version 2 supports IPv6, larger group numbers, and uses different multicast address. |
| mac-address | mac-address mac-address | Manually specifies the virtual MAC address. By default, HSRP derives MAC from group number. |
| name | name group-name | Assigns a descriptive name to the HSRP group for management purposes. |
| use-bia | use-bia | Configures HSRP to use the interface's burned-in MAC address instead of the virtual MAC. |
| shutdown | shutdown | Disables the HSRP group without removing configuration. |
Command Examples
Basic HSRP Configuration
interface vlan 10
hsrp 1
ip 192.168.10.1
priority 110
preemptinterface Vlan10
hsrp 1
ip 192.168.10.1
priority 110
preemptConfigures HSRP group 1 on VLAN 10 with virtual IP 192.168.10.1, sets priority to 110 (higher than default 100), and enables preemption so this router can become active if it has higher priority.
HSRP with Tracking
interface vlan 10
hsrp 1
ip 192.168.10.1
track 1 decrement 20interface Vlan10
hsrp 1
ip 192.168.10.1
track 1 decrement 20Tracks object 1 (e.g., an uplink interface). If object 1 goes down, HSRP priority decreases by 20, allowing another router to take over as active.
Understanding the Output
The 'show hsrp' command displays HSRP group status. Key fields: Group number, version (1 or 2), state (Active, Standby, Listen, Init), virtual IP, active router IP, standby router IP, priority, preemption, timers (hello/hold), and tracked objects. A healthy state shows one Active and one Standby router with correct virtual IP. Problem states include 'Init' (interface down) or multiple Active routers (duplicate group). Priority values determine active selection; preempt allows re-election. Tracked objects show decrement values; if object is down, priority reduces.
Configuration Scenarios
Basic HSRP for VLAN Gateway Redundancy
Two Nexus switches acting as default gateways for VLAN 10 hosts.
Topology
Hosts --- SwitchA (Active) --- Uplink
\--- SwitchB (Standby) --- UplinkSteps
- 1.Configure VLAN 10 SVI on both switches.
- 2.Assign IP addresses to each SVI (e.g., 192.168.10.2/24 on SwitchA, 192.168.10.3/24 on SwitchB).
- 3.Configure HSRP group 1 with virtual IP 192.168.10.1 on both switches.
- 4.Set priority 110 on SwitchA and 100 (default) on SwitchB.
- 5.Enable preempt on both switches.
! SwitchA
interface Vlan10
ip address 192.168.10.2/24
hsrp 1
ip 192.168.10.1
priority 110
preempt
! SwitchB
interface Vlan10
ip address 192.168.10.3/24
hsrp 1
ip 192.168.10.1
preemptVerify: Use 'show hsrp brief' to verify active/standby roles. Ping virtual IP from hosts.
Watch out: Ensure both switches have Layer 3 connectivity and VLAN 10 is created on both.
HSRP with Object Tracking for Uplink Failure
Track uplink interface Ethernet1/1; if it fails, decrement priority so standby takes over.
Topology
SwitchA --- Eth1/1 (tracked) --- Core
\--- Eth1/2 --- HostsSteps
- 1.Configure object tracking for interface Ethernet1/1 line-protocol.
- 2.Apply HSRP tracking with decrement 30.
- 3.Verify that when Eth1/1 goes down, SwitchA priority drops and SwitchB becomes active.
! SwitchA
interface Vlan10
ip address 192.168.10.2/24
hsrp 1
ip 192.168.10.1
priority 110
preempt
track 1 decrement 30
! Object tracking
track 1 interface Ethernet1/1 line-protocolVerify: Shut down Eth1/1 on SwitchA, then 'show hsrp' to see priority decrease and state change.
Watch out: Object tracking only decrements priority; it does not automatically trigger preemption unless preempt is enabled.
Troubleshooting with This Command
When troubleshooting HSRP on Nexus, start with 'show hsrp brief' to see group states. If a group is in 'Init' state, check that the interface is up and has an IP address. If both routers show 'Active', there may be a duplicate group or a Layer 2 loop; verify VLAN and multicast connectivity. Use 'show hsrp detail' to view timers, authentication, and tracked objects. If authentication fails, HSRP messages are ignored; check that keys match. For timer issues, ensure hello/hold times are consistent across routers. If preempt is not working, confirm it is enabled and that priority values are correct. Use 'debug hsrp' with caution to see real-time events. On Nexus, HSRP uses multicast address 224.0.0.2 (version 1) or 224.0.0.102 (version 2); ensure IGMP snooping allows these. Also verify that the virtual IP is not used elsewhere. For VPC environments, HSRP behaves differently; use 'show hsrp vpc' to check consistency.
CCNA Exam Tips
Remember HSRP default priority is 100; higher priority wins.
Preempt is disabled by default; you must enable it for a router to reclaim active role after recovering.
HSRP version 2 supports IPv6 and larger group numbers (0-4095) vs version 1 (0-255).
Common Mistakes
Forgetting to enable preempt on both routers, causing active role to not revert after recovery.
Configuring mismatched authentication keys between routers, causing HSRP to fail.
Using the same virtual IP on overlapping VLANs or subnets.
Platform Notes
On Cisco NX-OS, HSRP configuration is similar to IOS but with some differences: NX-OS uses 'hsrp' command instead of 'standby' (though 'standby' is also accepted for compatibility). NX-OS supports HSRP version 2 by default on newer releases. Object tracking uses 'track' objects defined globally, similar to IOS. NX-OS also supports HSRP over VPC (Virtual Port Channel) with enhanced features like 'hsrp vpc' to synchronize states. For multi-tenant environments, HSRP can be configured per VRF. In contrast to IOS, NX-OS requires 'feature hsrp' to be enabled globally before configuration. Equivalent commands on other platforms: 'standby' on IOS, 'vrrp' on standard RFC implementations, 'glbp' on Cisco IOS. On Juniper, similar functionality is provided by VRRP or GRES/NSR.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions